
Snyk vulnerability compliance with kosli evaluate trail

Kosli recently released kosli evaluate trail, a command that evaluates selected attestations in a Kosli trail against a Rego policy file. We used it to build a complete and useful solution for tracking Snyk container vulnerabilities for cyber-dojo (an open-source, browser-based online tool for practising TDD, which Kosli uses for demos). You’ll read about what we built, why we built it, how we tested it, and specifically: how it’s used in build workflows, in promotion workflows, and also in workflows that run “live” scans on already deployed artifacts; and how it runs with zero-trust against a policy defined in Rego and params files.


Announcing Kosli’s brand new docs

Good docs are how developers work with a product, from first look to daily use. That’s been true for a long time, and it’s becoming more true as developers increasingly hand that work to …

Diff-erent Perspectives: How Specialized LLM Personas Catch More Bugs

We’ve built a multi-LLM PR reviewer that runs on every pull request in a couple of our own repos. Two independent models look at each change in parallel, each wearing a set of “persona …

Introducing Code Repositories in Kosli

Kosli gives your organization a complete picture of software delivery - every build, scan, deployment, and compliance event tracked. Until now that picture was most useful to the people managing …

Kosli and Adaptavist Partner to Automate Governance for AI driven Software Delivery

Today, Kosli and Adaptavist announce a strategic partnership to help regulated enterprises automate governance for AI driven software delivery - making it automated, continuous, and evidence-driven …

Introducing kosli evaluate: Rego Policy Evaluation for Your Compliance Data

If you’re evaluating compliance controls against your Kosli trail data today, there’s a good chance you’ve written some glue code to make it work. A script that pulls trail data from …

Governing AI Generated Code - A Hands-On Experiment with Entire and Kosli

Can you create an audit trail for what your AI agent actually did, and enforce rules about what it was allowed to do? Here’s what I found after spending a session wiring the two tools together. …

A Technical Guide to Controls Engineering

Why Software Delivery Governance Matters: The modern world runs on mission-critical software. It moves our money, drives our cars, diagnoses our illnesses, and fundamentally improves our lives. But, …

Environment support in Terraform Provider for Kosli - v0.2.0

We’re excited to announce support of physical environments in the Terraform Provider for Kosli! What’s Included. Environment Management: Full lifecycle support for creating, updating, and …

Terraform Provider for Kosli - v0.1.0

We’re excited to announce the very first release of the official Terraform Provider for Kosli. This is only the start of the journey for managing Kosli resources at scale! Why This Matters: To …

Kosli and Team Topologies - A Strategic Partnership for SDLC Governance

We’re delighted to announce a strategic partnership between Kosli and Team Topologies - a collaboration that brings together SDLC Governance automation with the world’s leading framework …